on TTL expiry BIND sends 'ANY' query, gets back 'NOANSWER'

Phil Mayers p.mayers at imperial.ac.uk
Mon Apr 13 12:59:12 UTC 2015


On 13/04/15 13:48, Tony Finch wrote:
> Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>>
>> TBH I wonder if bind mightn't be better caching ANY as a separate
>> pseudo-type, if I'm understanding the problem correctly.
>
> Actually I think you are asking for BIND not to treat ANY specially :-)

Maybe. I don't have ANY (ha! ha! oh my sides...) idea how it treats it 
now, it seems...

> If BIND gets a positive answer to an ANY query, it caches each RRset from
> the response individually. There is no separate positive ANY cache entry.
> This means that if you query for a type which was not present in the ANY
> response, BIND will pursue that query upstream. This is necessary because
> ANY responses can be incomplete. When BIND gets a NODATA response to an
> ANY query it creates a special cache entry which matches any query type,
> so subsequent queries for the same name will get a cached negative
> response regardless of the type.

Ah ha. This is interesting.

> You are asking for these negative cache entries to match only ANY queries,
> not queries for other types, so they behave like normal NODATA cache
> entries.

Well, I personally am not seeing problems so I'm not really asking ;o)

But it does seem the current behaviour is maybe a little dangerous, even 
if the upstream server is buggy. One wonders if a spoofed negative reply 
could be triggered more easily with it.
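
A simplified model of the cache behaviour Tony Finch describes above, as an added example that is not part of the original post and is not BIND code; the class, its methods and the `any_nodata_matches_all` switch are hypothetical. It shows a NODATA answer to an ANY query masking a later A query until the TTL expires, next to the type-specific alternative discussed in the thread.

```python
import time

ANY = "ANY"

class ModelCache:
    """Toy resolver cache; covers only the behaviour described in the thread."""

    def __init__(self, any_nodata_matches_all=True, clock=time.monotonic):
        self.any_nodata_matches_all = any_nodata_matches_all  # True = behaviour described
        self.clock = clock
        self.rrsets = {}    # (name, rtype) -> (expiry, rdata list)
        self.negative = {}  # (name, qtype) -> expiry

    def store_response(self, name, qtype, rrsets, ttl):
        """rrsets maps rtype -> rdata list; an empty dict means NODATA."""
        expiry = self.clock() + ttl
        if rrsets:
            # Positive answer (ANY included): each RRset is cached individually,
            # so there is no separate positive ANY entry.
            for rtype, rdata in rrsets.items():
                self.rrsets[(name, rtype)] = (expiry, rdata)
        else:
            self.negative[(name, qtype)] = expiry

    def lookup(self, name, qtype):
        """Return ('hit', rdata), ('nodata', None) or ('miss', None)."""
        now = self.clock()
        entry = self.rrsets.get((name, qtype))
        if entry and entry[0] > now:
            return ("hit", entry[1])
        keys = [(name, qtype)]
        if self.any_nodata_matches_all:
            keys.append((name, ANY))  # ANY NODATA entry answers every type
        if any(self.negative.get(k, 0) > now for k in keys):
            return ("nodata", None)
        return ("miss", None)  # a real resolver would now query upstream

def demo(any_nodata_matches_all):
    """Constructed scenario: upstream answers an ANY query with NODATA, TTL 300."""
    t = [0.0]
    cache = ModelCache(any_nodata_matches_all, clock=lambda: t[0])
    cache.store_response("host.example.", ANY, {}, ttl=300)
    during = cache.lookup("host.example.", "A")[0]
    t[0] = 301  # negative entry has expired
    after = cache.lookup("host.example.", "A")[0]
    return during, after

if __name__ == "__main__":
    print("ANY NODATA matches all types:", demo(True))
    print("ANY NODATA matches ANY only: ", demo(False))
```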

